The CVE-2024-38828 vulnerability has been identified in UIM because it uses Spring Framework 5.3.37.
UIM 23.4CU2
The vulnerability in question, CVE-2024-38828, is classified as "Medium", and for UIM it is considered LOW risk. As of 2 Dec 2024, all probes that use Spring Framework 5.x will be upgraded to 6.x and will need to have Java upgraded. Engineering will need to certify the updated Spring Framework versions. No hotfixes will be released for this vulnerability per Broadcom policy, but you should update to the latest available probe versions as they are released. ETA is Q2 FY25.